It depends on what your threat model is. If you concern about CVE level issues like the privilege escalation, you would better run images as non-root user. But what you care about is general security stuff, following the general rules for your networking topology would be enough.

K8s helps me a lot to understand what I don’t know but nothing more than that. You need tons of studying to know what is going on beyond the scope of k8s.

Not only k8s is solid overkill for the homelab but also most of self hosted services are not designed to be deployed in k8s pods. So it won’t just work.

In case you want to learn something through deploying k8s, it doesn’t help you much either. Learning networking is much better option instead.

Applications like gitea, nextcloud, or home assistant won’t just work. And adguard, qbittorrent would just work but you need to how k8s works to configure properly. Cert like cert-manager needs to understand either compared to Docker one like npm. Also you cannot deploy 2 replicas of vaultwarden.

I mean, if you have a strong understanding of k8s you can do whatever you want, but many self hosted apps are not designed to be deployed in k8s. I am sure about that.

Based on my experience, I suffered tons of errors and not just working so many times, I made it eventually though.

I want to ask you a question. Have you deployed anything on k8s? If you ever deployed self hosted apps on k8s, I think it is really hard to disagree my humble opinion.

Hosting only *arr is not the one who insist himself loves to learn definitely…You are just a random guy who does not care about learning and tech at all.

If you really love to learn then you can literally self host anything. You just don’t love it that much.

How is the fast of this? I am using Nextcloud, but it is terribly slow and thinking of migration. If it has just average speed like the other applications, I would move.

Self hosted budget management app is like more advanced user stuff rather than the normal users would do. So hosting that kind of things might sound very weird to you, I get that.

But it is more like a tendency. Most users start their homelab with very basic services like storage management, video streaming, photos, or note taking. There is a huge steep learning curve to run all of them safely and robustly, but once you get over it and there is a wide and very flat area you literally can do anything whatever you want.

Budge management app is like that thing. Many of us wouldn’t start hosting budge management app, but we will get there eventually. Because we can.

If you design an application, choosing database would be a big deal, but since you are the user, you can choose whatever you want. My go to is postgre though.